CVE-2023-4479 – Stored XSS Vulnerability in M-Files Web
https://notcve.org/view.php?id=CVE-2023-4479
Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479 https://product.m-files.com/security-advisories/cve-2023-4479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-0563 – Denial of service condition in M-Files Server
https://notcve.org/view.php?id=CVE-2024-0563
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users. La condición de denegación de servicio en M-Files Server en versiones anteriores a la 24.2 (excluyendo 23.2 SR7 y 23.8 SR5) permite a un usuario anónimo provocar una denegación de servicio contra otros usuarios anónimos. • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563 https://product.m-files.com/security-advisories/cve-2024-0563 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-6910 – Uncontrolled Resource Consumption in M-Files Server
https://notcve.org/view.php?id=CVE-2023-6910
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests. Un método API vulnerable en M-Files Server anterior a 23.12.13195.0 permite el consumo incontrolado de recursos. El atacante autenticado puede agotar el espacio de almacenamiento del servidor hasta el punto en que el servidor ya no pueda atender solicitudes. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910 https://product.m-files.com/security-advisories/cve-2023-6910 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-6912 – Brute force vulnerability in M-Files user authentication
https://notcve.org/view.php?id=CVE-2023-6912
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. La falta de protección contra ataques de fuerza bruta en M-Files Server antes de 23.12.13205.0 permite a un atacante realizar intentos de autenticación ilimitados, lo que podría comprometer cuentas de usuarios de M-Files específicas al adivinar contraseñas. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6912 https://product.m-files.com/security-advisories/cve-2023-6912 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2023-6239 – Incorrect calculation of effective permissions
https://notcve.org/view.php?id=CVE-2023-6239
Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object. Los permisos efectivos calculados incorrectamente en las versiones 23.9 y 23.10 y 23.11 anteriores a 23.11.13168.7 de M-Files Server podrían producir un resultado defectuoso si un objeto usaba una configuración específica de permisos basados en metadatos. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6239 https://product.m-files.com/security-advisories/cve-2023-6239 • CWE-281: Improper Preservation of Permissions •